Skip to main content

Thin PC

How does a Thin PC work?

We have recently started recycling old PC's as Thin PC - using Windows 7 Embedded. So basically using them as terminal to a remote desktop server. Gives old machines a new lease of life for no cost (assuming you have a EES agreement with MS). The trick is to get the Thin PC to go straight to the rdp to the server you want. So key steps if you are interested are:

  • Put the Thin-PC in a OU where there is a group policy that auto logs on a standard user.
  • Change the shell from explorer to %windir%\system32\mstsc.exe
  • I have one script that calls a vbs script that runs the rdp session and loops to re-run it on exit or if the user tries to close the session. Key thing is to run the scripts silently so the user cannot close them.
  • Lock Crtl-Alt-Del down with gpo so user just gets Cancel as the only option. 

Anyone wants to know more - let me know.

Comments

Popular posts from this blog

Delete a specific email using GAM

If a user send an inappropriate email to a loads of people or get stung by some sort of email exploit you can quickly delete the email from all of the recipients using a GAM command. Step 1 - get the email header Go into Google Vault and search for the offending user or someone known to have got the message. Click show details and grab the email ID. This will be a long string of characters followed by @mail.gmail.com Step 2 - find out who has the email Go into Google Vault and find the original message sent by the offending user. Look at the details to see who got it. Copy the list and dump it into a spreadsheet. Clean up to just a list of emails with a column header 'mail'. Save as a csv file. Step 3 - delete messages with GAM Put your CSV file in your GAM folder - this e.g. assumes its called mail.csv Run: gam csv mail.csv gam user ~mail delete messages query rfc822msgid: MESSAGEIDHERE doit The alternative nuke option is: gam all users delete messages query rf...

My favorite GAM commands - well a few of them at least!

Where would be without GAM? Paying for expensive syncing tools or doing tedious manual tasks in the admin console. GAM can automate most things you might want to do in G Suite. So these are a few of my favourite commands - one I use either as part of a batch file - or just standalone. There are loads more - but these are ones that are used daily. Classroom Create a spreadsheet of all your domains classes -  gam print courses todrive Create a spreadsheet of a teacher's classes:  gam print courses teacher fred@mydomain.com todrive Bulk create classes: gam csv classes.csv gam create course alias ~alias name ~alias section ~subject teacher ~teacher status ACTIVE where classes.csv is a list of classes you want to make. Add teachers: gam csv teachers.csv gam course ~alias add teacher ~teacher Add students: gam csv students.csv gam course ~alias add teacher ~student Sync Students (in this example to a group - but could be an ou/csv file) gam csv grou...

Google MDM for Windows 10 Devices - a more in depth look.

In my previous blog post, I gave an overview of Google's new mobile device management for Windows 10 devices. A few weeks in now, we have a number of users using Windows computers managed this way. So below is a more detailed video look at deploying policies followed by some of the policies and how to configure them that we have used to date. Policy Settings It's important to note that unlike ChromeOS devices, you don't put machines into OUs, but the machines pick up policy based on the OU of the user used to enrol the device. OMA-URI policies we use: AllowManualMDMUnenrollment ./Device/Vendor/MSFT/Policy/Config/Experience/AllowManualMDMUnenrollment Integer 0 This prevents users from unenrolling a device. AllowVPN ./Device/Vendor/MSFT/Policy/Config/Settings/AllowVPN Integer 0 Prevents editing the VPN settings PageVisibilityList ./Device/Vendor/MSFT/Policy/Config/Settings/PageVisibilityList string hide:network-vpn Can be used to hide bits of the set...